Re: [Libguestfs] [PATCH 2/3] v2v: -o rhv-upload: Only set SSL context for https connections.

On Wed, Sep 19, 2018 at 7:24 PM Richard W.M. Jones <rjones(a)redhat.com&gt; wrote: > For real imageio servers the destination will always be https. This > change has no effect there. > > However when testing we want to use an http server for simplicity. As > there is no cafile in this case the call to > ssl.create_default_context().load_verify_locations(cafile=...) will fail. > --- > v2v/rhv-upload-plugin.py | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py > index 5cd6d5cab..6e35b5057 100644 > --- a/v2v/rhv-upload-plugin.py > +++ b/v2v/rhv-upload-plugin.py > @@ -207,8 +207,11 @@ def open(readonly): > else: > destination_url = urlparse(transfer.proxy_url) > > - context = ssl.create_default_context() > - context.load_verify_locations(cafile = params['rhv_cafile']) > This line was never needed. In imageio client we use: context = ssl.create_default_context( purpose=ssl.Purpose.SERVER_AUTH, cafile=cafile) if not secure: context.check_hostname = False context.verify_mode = ssl.CERT_NONE See https://github.com/oVirt/ovirt-imageio/blob/356d224f1124deb3d63125b1f3b3e... So we can replace this with context = ssl.create_default_context(cafile = params.get('rhv_cafile')) > + if destination_url.scheme == "https": > + context = ssl.create_default_context() > + context.load_verify_locations(cafile = params['rhv_cafile']) > + else: > + context = None > This will create a default context inside HTTPSConnection.__init__, which will try to verify the server certificate and hostname and may fail if the certificates are not set up properly in the tests.